
This section includes rule mapping for the CWE standard. The mapping information for other standards is available in the PDF rule mapping files shipped with Compliance Packs.

CWE Top 25

2023 Mapping

CWE ID

CWE name/description

Parasoft rule ID(s)

CWE-787

Out-of-bounds Write

  • CWE.787.ARRAY

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

  • CWE.79.SCS0029
  • CWE.79.VPPD
  • CWE.79.TDRESP
  • CWE.79.TDXSS
  • CWE.79.AXSSE
  • CWE.79.CSP

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

  • CWE.89.TDSQL
  • CWE.89.TDSQLC

CWE-416

Use After Free

  • CWE.416.DISP
  • CWE.416.FIN

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

  • CWE.78.TDCMD

CWE-20

Improper Input Validation

  • CWE.20.ARRAY
  • CWE.20.VPPD
  • CWE.20.TDNET
  • CWE.20.TDFNAMES
  • CWE.20.TDCMD
  • CWE.20.TDRESP
  • CWE.20.TDXSS
  • CWE.20.TDSQL
  • CWE.20.TDSQLC
  • CWE.20.SCS0017
  • CWE.20.SCS0021
  • CWE.20.SCS0030
  • CWE.20.SCS0022

CWE-125

Out-of-bounds Read

  • CWE.125.ARRAY

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

  • CWE.22.TDFNAMES
  • CWE.22.SCS0018

CWE-352

Cross-Site Request Forgery (CSRF)

  • CWE.352.VPPD
  • CWE.352.TDRESP
  • CWE.352.VAFT
  • CWE.352.CA3147
  • CWE.352.CA5391
  • CWE.352.SCS0016

CWE-434

Unrestricted Upload of File with Dangerous Type

  • CWE.434.TDFNAMES

CWE-862

Missing Authorization

  • CWE.862.UAA
  • CWE.862.SCS0019

CWE-476

NULL Pointer Dereference

  • CWE.476.NR
  • CWE.476.CNFA

CWE-287

Improper Authentication

  • CWE.287.TDPASSWD
  • CWE.287.AAM
  • CWE.287.UAAMC
  • CWE.287.LUAFLA
  • CWE.287.IIPHEU
  • CWE.287.CA5359
  • CWE.287.CA5403
  • CWE.287.CA5376
  • CWE.287.CA5390
  • CWE.287.SCS0032
  • CWE.287.SCS0033
  • CWE.287.SCS0034

CWE-190

Integer Overflow or Wraparound

  • CWE.190.AIWIL
  • CWE.190.AIOAC
  • CWE.190.INTWRAP

CWE-502

Deserialization of Untrusted Data

  • CWE.502.IIDC
  • CWE.502.UIS
  • CWE.502.IDC
  • CWE.502.MGODWSPA
  • CWE.502.CA2350
  • CWE.502.CA2351
  • CWE.502.CA2352
  • CWE.502.CA2353
  • CWE.502.CA2354
  • CWE.502.CA2355
  • CWE.502.CA2356
  • CWE.502.CA2361
  • CWE.502.CA2362
  • CWE.502.SCS0028

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

  • CWE.77.TDCMD

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE.119.ARRAY

CWE-798

Use of Hard-coded Credentials

  • CWE.798.HPWCS
  • CWE.798.HARDCONN
  • CWE.798.HPW
  • CWE.798.SCS0015
  • CWE.798.CA5403

CWE-918

Server-Side Request Forgery (SSRF)

  • CWE.918.TDNET
  • CWE.918.CA3147
  • CWE.918.CA5368
  • CWE.918.CA5391
  • CWE.918.CA5395

CWE-306

Missing Authentication for Critical Function

  • N/A

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  • CWE.362.LOCKSETGET
  • CWE.362.DIFCS

CWE-269

Improper Privilege Management

  • CWE.269.IDENTITY
  • CWE.269.CA5375
  • CWE.269.CA5377

CWE-94

Improper Control of Generation of Code ('Code Injection')

  • CWE.94.TDCODE

CWE-863

Incorrect Authorization

  • CWE.863.AAM
  • CWE.863.UAAMC
  • CWE.863.AUTH

CWE-276

Incorrect Default Permissions

  • N/A

CWE Weaknesses On the Cusp

2023 Mapping

CWE ID

CWE name/description

Parasoft rule ID(s)

CWE-617

Reachable Assertion

  • CWE.617.ATA

CWE-427

Uncontrolled Search Path Element

  • CWE.427.CA5393

CWE-611

Improper Restriction of XML External Entity Reference

  • CWE.611.PDTDP
  • CWE.611.USXRS
  • CWE.611.CA3061
  • CWE.611.CA3075
  • CWE.611.CA3077
  • CWE.611.CA5366
  • CWE.611.CA5369
  • CWE.611.CA5370
  • CWE.611.CA5371
  • CWE.611.CA5372

CWE-770

Allocation of Resources Without Limits or Throttling

  • CWE.770.UHCF
  • CWE.770.CA2014
  • CWE.770.TDALLOC

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

  • CWE.200.SELSPLAT
  • CWE.200.SDE
  • CWE.200.SENS
  • CWE.200.PEO
  • CWE.200.ACPST
  • CWE.200.ALSI
  • CWE.200.SENSLOG
  • CWE.200.CSG
  • CWE.200.CA3004

CWE-295

Improper Certificate Validation

  • CWE.295.DNICV
  • CWE.295.CA5359
  • CWE.295.CA5403
  • CWE.295.CA5399
  • CWE.295.CA5400

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

  • N/A

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

  • N/A

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

  • CWE.601.TDNET
  • CWE.601.TDRESP

CWE-401

Missing Release of Memory after Effective Lifetime

  • N/A

CWE-59

Improper Link Resolution Before File Access ('Link Following')

  • CWE.59.VLT

CWE-522

Insufficiently Protected Credentials

  • CWE.522.TDPASSWD

CWE-319

Cleartext Transmission of Sensitive Information

  • N/A

CWE-312

Cleartext Storage of Sensitive Information

  • CWE.312.RSFSS
  • CWE.312.SSFP

CWE-400

Uncontrolled Resource Consumption

  • CWE.400.CA5362
  • CWE.400.UHCF
  • CWE.400.CA2014
  • CWE.400.TDALLOC
  • CWE.400.LEAKS
  • CWE.400.TDLOG

CWE-639

Authorization Bypass Through User-Controlled Key

  • N/A

CWE-668

Exposure of Resource to Wrong Sphere

  • CWE.668.TDINPUT
  • CWE.668.TDFNAMES
  • CWE.668.PBRTE
  • CWE.668.CA5393
  • CWE.668.CSG
  • CWE.668.CA3004
  • CWE.668.SELSPLAT
  • CWE.668.SDE
  • CWE.668.SENS
  • CWE.668.PEO
  • CWE.668.ACPST
  • CWE.668.ALSI
  • CWE.668.SENSLOG
  • CWE.668.TDPASSWD
  • CWE.668.ADSVSP
  • CWE.668.CA5396
  • CWE.668.SCS0018
  • CWE.668.SCS0024

    CWE Top 25 2022 Mapping

    CWE ID

    CWE name/description

    Parasoft rule ID(s)

    CWE-787

    Out-of-bounds Write

    • CWE.787.ARRAY

    CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    • CWE.79.VPPD
    • CWE.79.TDRESP
    • CWE.79.TDXSS
    • CWE.79.AXSSE
    • CWE.79.CSP

    CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    • CWE.89.TDSQL
    • CWE.89.TDSQLC

    CWE-20

    Improper Input Validation

    • CWE.20.ARRAY
    • CWE.20.VPPD
    • CWE.20.TDNET
    • CWE.20.TDFNAMES
    • CWE.20.TDCMD
    • CWE.20.TDRESP
    • CWE.20.TDXSS
    • CWE.20.TDSQL
    • CWE.20.TDSQLC

    CWE-125

    Out-of-bounds Read

    • CWE.125.ARRAY

    CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    • CWE.78.TDCMD

    CWE-416

    Use After Free

    • CWE.416.DISP
    • CWE.416.FIN

    CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    • CWE.22.TDFNAMES

    CWE-352

    Cross-Site Request Forgery (CSRF)

    • CWE.352.VPPD
    • CWE.352.TDRESP
    • CWE.352.VAFT
    • CWE.352.CA3147
    • CWE.352.CA5391

    CWE-434

    Unrestricted Upload of File with Dangerous Type

    • CWE.434.TDFNAMES

    CWE-476

    NULL Pointer Dereference

    • CWE.476.NR
    • CWE.476.DEREF
    • CWE.476.CNFA

    CWE-502

    Deserialization of Untrusted Data

    • CWE.502.IIDC
    • CWE.502.UIS
    • CWE.502.IDC
    • CWE.502.MGODWSPA
    • CWE.502.CA2350
    • CWE.502.CA2351
    • CWE.502.CA2352
    • CWE.502.CA2353
    • CWE.502.CA2354
    • CWE.502.CA2355
    • CWE.502.CA2356
    • CWE.502.CA2361
    • CWE.502.CA2362

    CWE-190

    Integer Overflow or Wraparound

    • CWE.190.AIWIL
    • CWE.190.AIOAC
    • CWE.190.INTWRAP
    • CWE.190.INTOVERF

    CWE-287

    Improper Authentication

    • CWE.287.TDPASSWD
    • CWE.287.AAM
    • CWE.287.UAAMC
    • CWE.287.LUAFLA
    • CWE.287.IIPHEU
    • CWE.287.CA5359
    • CWE.287.CA5403
    • CWE.287.CA5376
    • CWE.287.CA5390

    CWE-798

    Use of Hard-coded Credentials

    • CWE.798.HARDCONN
    • CWE.798.HPW
    • CWE.798.CA5403

    CWE-862

    Missing Authorization

    • CWE.862.UAA

    CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')

    • CWE.77.TDCMD

    CWE-306

    Missing Authentication for Critical Function

    • N/A

    CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

    • CWE.119.ARRAY

    CWE-276

    Incorrect Default Permissions

    • N/A

    CWE-918

    Server-Side Request Forgery (SSRF)

    • CWE.918.TDNET
    • CWE.918.CA3147
    • CWE.918.CA5368
    • CWE.918.CA5391
    • CWE.918.CA5395

    CWE-362

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    • CWE.362.LOCKSETGET
    • CWE.362.DIFCS

    CWE-400

    Uncontrolled Resource Consumption

    • CWE.400.LEAKS
    • CWE.400.TDLOG
    • CWE.400.CA5362

    CWE-611

    Improper Restriction of XML External Entity Reference

    • CWE.611.PDTDP
    • CWE.611.USXRS
    • CWE.611.CA3061
    • CWE.611.CA3075
    • CWE.611.CA3077
    • CWE.611.CA5366
    • CWE.611.CA5369
    • CWE.611.CA5370
    • CWE.611.CA5371
    • CWE.611.CA5372

    CWE-94

    Improper Control of Generation of Code ('Code Injection')

    • CWE.94.TDCODE

    CWE Weaknesses On the Cusp

    2022 Mapping

    CWE ID

    CWE name/description

    Parasoft rule ID(s)

    CWE-295

    Improper Certificate Validation

    • CWE.295.DNICV
    • CWE.295.CA5359
    • CWE.295.CA5403
    • CWE.295.CA5399
    • CWE.295.CA5400

    CWE-427

    Uncontrolled Search Path Element

    • CWE.427.CA5393

    CWE-863

    Incorrect Authorization

    • CWE.863.AAM
    • CWE.863.UAAMC
    • CWE.863.AUTH

    CWE-269

    Improper Privilege Management

    • CWE.269.IDENTITY
    • CWE.269.AUEP
    • CWE.269.CA5375
    • CWE.269.CA5377

    CWE-732

    Incorrect Permission Assignment for Critical Resource

    • CWE.732.ADSVSP
    • CWE.732.CA5396

    CWE-843

    Access of Resource Using Incompatible Type ('Type Confusion')

    • N/A

    CWE-668

    Exposure of Resource to Wrong Sphere

    • CWE.668.TDINPUT
    • CWE.668.TDFNAMES
    • CWE.668.PBRTE
    • CWE.668.CA5393
    • CWE.668.CSG
    • CWE.668.CA3004
    • CWE.668.SELSPLAT
    • CWE.668.SDE
    • CWE.668.SENS
    • CWE.668.PEO
    • CWE.668.ACPST
    • CWE.668.ALSI
    • CWE.668.SENSLOG
    • CWE.668.TDPASSWD
    • CWE.668.ADSVSP
    • CWE.668.CA5396

    CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor

    • CWE.200.SELSPLAT
    • CWE.200.SDE
    • CWE.200.SENS
    • CWE.200.PEO
    • CWE.200.ACPST
    • CWE.200.ALSI
    • CWE.200.SENSLOG
    • CWE.200.CSG
    • CWE.200.CA3004

    CWE-1321

    Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

    • N/A

    CWE-601

    URL Redirection to Untrusted Site ('Open Redirect')

    • CWE.601.TDNET
    • CWE.601.TDRESP

    CWE-401

    Missing Release of Memory after Effective Lifetime

    • N/A

    CWE-59

    Improper Link Resolution Before File Access ('Link Following')

    • CWE.59.VLT

    CWE-522

    Insufficiently Protected Credentials

    • CWE.522.TDPASSWD

    CWE-319

    Cleartext Transmission of Sensitive Information

    • N/A

    CWE-312

    Cleartext Storage of Sensitive Information

    • CWE.312.RSFSS
    • CWE.312.SSFP

    CWE 4.15 Mapping

    CWE ID

    CWE name/description

    Parasoft rule ID(s)

    CWE-20

    Improper Input Validation

    • CWE.20.VPPD
    • CWE.20.TDNET
    • CWE.20.TDFNAMES
    • CWE.20.TDCMD
    • CWE.20.TDRESP
    • CWE.20.TDXSS
    • CWE.20.TDSQL
    • CWE.20.TDSQLC

    CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    • CWE.22.SCS0018
    • CWE.22.TDFNAMES

    CWE-64

    Windows Shortcut Following (.LNK)

    • CWE.64.VLT

    CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    • CWE.78.TDCMD

    CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    • CWE.79.SCS0029
    • CWE.79.TDXSS
    • CWE.79.AXSSE
    • CWE.79.CSP

    CWE-80

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

    • CWE.80.VPPD
    • CWE.80.TDRESP

    CWE-88

    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

    • CWE.88.TDCMD
    • CWE.88.VPPD

    CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    • CWE.89.TDSQL
    • CWE.89.TDSQLC

    CWE-90

    Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

    • CWE.90.SCS0031
    • CWE.90.SCS0026
    • CWE.90.TDLDAP

    CWE-95

    Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

    • CWE.95.TDCODE

    CWE-99

    Improper Control of Resource Identifiers ('Resource Injection')

    • CWE.99.TDFNAMES
    • CWE.99.TDNET

    CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

    • CWE.120.AUK

    CWE-125

    Out-of-bounds Read

    • CWE.125.ARRAY

    CWE-129

    Improper Validation of Array Index

    • CWE.129.ARRAY

    CWE-131

    Incorrect Calculation of Buffer Size

    • CWE.131.AUK

    CWE-134

    Use of Externally-Controlled Format String

    • CWE.134.TDINPUT

    CWE-190

    Integer Overflow or Wraparound

    • CWE.190.AIWIL
    • CWE.190.AIOAC
    • CWE.190.INTWRAP

    CWE-191

    Integer Underflow (Wrap or Wraparound)

    • CWE.191.AIWIL
    • CWE.191.AIOAC
    • CWE.191.INTWRAP

    CWE-197

    Numeric Truncation Error

    • CWE.197.ECLSII
    • CWE.197.INTDL

    CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor

    • CWE.200.CSG
    • CWE.200.CA3004

    CWE-201

    Insertion of Sensitive Information Into Sent Data

    • CWE.201.SELSPLAT

    CWE-209

    Generation of Error Message Containing Sensitive Information

    • CWE.209.SDE
    • CWE.209.SENS
    • CWE.209.PEO
    • CWE.209.ACPST

    CWE-212

    Improper Removal of Sensitive Information Before Storage or Transfer

    • CWE.212.CSG

    CWE-250

    Execution with Unnecessary Privileges

    • CWE.250.AUEP
    • CWE.250.CA5375
    • CWE.250.CA5377

    CWE-252

    Unchecked Return Value

    • CWE.252.RETVAL
    • CWE.252.CHECKRET

    CWE-256

    Plaintext Storage of a Password

    • CWE.256.TDPASSWD

    CWE-259

    Use of Hard-coded Password

    • CWE.259.HPW
    • CWE.259.SCS0015

    CWE-260

    Password in Configuration File

    • CWE.260.HPWCS

    CWE-269

    Improper Privilege Management

    • CWE.269.IDENTITY

    CWE-287

    Improper Authentication

    • CWE.287.AAM
    • CWE.287.UAAMC

    CWE-294

    Authentication Bypass by Capture-replay

    • CWE.294.CA5376

    CWE-295

    Improper Certificate Validation

    • CWE.295.DNICV
    • CWE.295.CA5359
    • CWE.295.CA5403

    CWE-299

    Improper Check for Certificate Revocation

    • CWE.299.CA5399
    • CWE.299.CA5400

    CWE-307

    Improper Restriction of Excessive Authentication Attempts

    • CWE.307.LUAFLA

    CWE-311

    Missing Encryption of Sensitive Data

    • CWE.311.SCS0023

    CWE-316

    Cleartext Storage of Sensitive Information in Memory

    • CWE.316.RSFSS
    • CWE.316.SSFP

    CWE-319

    Cleartext Transmission of Sensitive Information

    • CWE.319.RHTTPS

    CWE-321

    Use of Hard-coded Cryptographic Key

    • CWE.321.CA5390

    CWE-326

    Inadequate Encryption Strength

    • CWE.326.RSAKS

    CWE-327

    Use of a Broken or Risky Cryptographic Algorithm

    • CWE.327.SCS0010
    • CWE.327.SCS0013
    • CWE.327.DNCCKS
    • CWE.327.ACCA

    CWE-328

    Use of Weak Hash

    • CWE.328.SCS0006

    CWE-329

    Generation of Predictable IV with CBC Mode

    • CWE.329.ACCA

    CWE-338

    Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

    • CWE.338.USSCR

    CWE-350

    Reliance on Reverse DNS Resolution for a Security-Critical Action

    • CWE.350.IIPHEU

    CWE-352

    Cross-Site Request Forgery (CSRF)

    • CWE.352.VPPD
    • CWE.352.TDRESP
    • CWE.352.CA3147
    • CWE.352.CA5391
    • CWE.352.SCS0016

    CWE-362

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    • CWE.362.LOCKSETGET
    • CWE.362.DIFCS

    CWE-369

    Divide By Zero

    • CWE.369.ZERO

    CWE-391

    Unchecked Error Condition

    • CWE.391.LGE

    CWE-395

    Use of NullPointerException Catch to Detect NULL Pointer Dereference

    • CWE.395.NCNRE

    CWE-396

    Declaration of Catch for Generic Exception

    • CWE.396.NCSAE

    CWE-397

    Declaration of Throws for Generic Exception

    • CWE.397.NTSAE

    CWE-400

    Uncontrolled Resource Consumption

    • CWE.400.CA5362

    CWE-402

    Transmission of Private Resources into a New Sphere ('Resource Leak')

    • CWE.402.CSG

    CWE-412

    Unrestricted Externally Accessible Lock

    • CWE.412.NLT

    CWE-416

    Use After Free

    • CWE.416.DISP
    • CWE.416.FIN

    CWE-426

    Untrusted Search Path

    • CWE.426.PBRTE

    CWE-427

    Uncontrolled Search Path Element

    • CWE.427.CA5393

    CWE-434

    Unrestricted Upload of File with Dangerous Type

    • CWE.434.TDFNAMES

    CWE-456

    Missing Initialization of a Variable

    • CWE.456.NOTEXPLINIT

    CWE-457

    Use of Uninitialized Variable

    • CWE.457.NOTEXPLINIT

    CWE-470

    Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

    • CWE.470.TDRFL

    CWE-472

    External Control of Assumed-Immutable Web Parameter

    • CWE.472.SCS0024

    CWE-476

    NULL Pointer Dereference

    • CWE.476.NR
    • CWE.476.CNFA

    CWE-480

    Use of Incorrect Operator

    • CWE.480.PUO

    CWE-481

    Assigning instead of Comparing

    • CWE.481.AWC

    CWE-494

    Download of Code Without Integrity Check

    • CWE.494.IREC

    CWE-499

    Serializable Class Containing Sensitive Data

    • CWE.499.CSG

    CWE-502

    Deserialization of Untrusted Data

    • CWE.502.IIDC
    • CWE.502.UIS
    • CWE.502.IDC
    • CWE.502.MGODWSPA
    • CWE.502.CA2300
    • CWE.502.CA2350
    • CWE.502.CA2351
    • CWE.502.CA2352
    • CWE.502.CA2353
    • CWE.502.CA2354
    • CWE.502.CA2355
    • CWE.502.CA2356
    • CWE.502.CA2361
    • CWE.502.CA2362
    • CWE.502.SCS0028

    CWE-521

    Weak Password Requirements

    • CWE.521.SCS0032
    • CWE.521.SCS0033
    • CWE.521.SCS0034

    CWE-532

    Insertion of Sensitive Information into Log File

    • CWE.532.ALSI
    • CWE.532.SENSLOG

    CWE-546

    Suspicious Comment

    • CWE.546.TODO

    CWE-554

    ASP.NET Misconfiguration: Not Using Input Validation Framework

    • CWE.554.SCS0017
    • CWE.554.SCS0021
    • CWE.554.SCS0030
    • CWE.554.SCS0022

    CWE-561

    Dead Code

    • CWE.561.UC

    CWE-563

    Assignment to Variable without Use

    • CWE.563.VOVR

    CWE-570

    Expression is Always False

    • CWE.570.CC

    CWE-571

    Expression is Always True

    • CWE.571.CC

    CWE-595

    Comparison of Object References Instead of Object Contents

    • CWE.595.REVT

    CWE-601

    URL Redirection to Untrusted Site ('Open Redirect')

    • CWE.601.TDNET
    • CWE.601.TDRESP

    CWE-611

    Improper Restriction of XML External Entity Reference

    • CWE.611.PDTDP
    • CWE.611.USXRS
    • CWE.611.CA3061
    • CWE.611.CA3075
    • CWE.611.CA3077
    • CWE.611.CA5366
    • CWE.611.CA5369
    • CWE.611.CA5370
    • CWE.611.CA5371
    • CWE.611.CA5372

    CWE-613

    Insufficient Session Expiration

    • CWE.613.ISE

    CWE-614

    Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

    • CWE.614.SCS0008

    CWE-617

    Reachable Assertion

    • CWE.617.ATA

    CWE-624

    Executable Regular Expression Error

    • CWE.624.CA3012

    CWE-638

    Not Using Complete Mediation

    • CWE.638.SCS0019

    CWE-643

    Improper Neutralization of Data within XPath Expressions ('XPath Injection')

    • CWE.643.SCS0003

    CWE-662

    Improper Synchronization

    • CWE.662.DIFCS

    CWE-676

    Use of Potentially Dangerous Function

    • CWE.676.APDM

    CWE-681

    Incorrect Conversion between Numeric Types

    • CWE.681.ECLTS
    • CWE.681.INTDL
    • CWE.681.INTVC

    CWE-732

    Incorrect Permission Assignment for Critical Resource

    • CWE.732.ADSVSP

    CWE-759

    Use of a One-Way Hash without a Salt

    • CWE.759.SALT

    CWE-760

    Use of a One-Way Hash with a Predictable Salt

    • CWE.760.SALT

    CWE-770

    Allocation of Resources Without Limits or Throttling

    • CWE.770.UHCF
    • CWE.770.CA2014

    CWE-771

    Missing Reference to Active Allocated Resource

    • CWE.771.LEAKS

    CWE-772

    Missing Release of Resource after Effective Lifetime

    • CWE.772.LEAKS

    CWE-778

    Insufficient Logging

    • CWE.778.GEL

    CWE-779

    Logging of Excessive Data

    • CWE.779.TDLOG

    CWE-780

    Use of RSA Algorithm without OAEP

    • CWE.780.UOWR

    CWE-787

    Out-of-bounds Write

    • CWE.787.ARRAY

    CWE-789

    Memory Allocation with Excessive Size Value

    • CWE.789.TDALLOC

    CWE-798

    Use of Hard-coded Credentials

    • CWE.798.HARDCONN
    • CWE.798.CA5403
    • CWE.798.HPWCS

    CWE-807

    Reliance on Untrusted Inputs in a Security Decision

    • CWE.807.AUTH

    CWE-827

    Improper Control of Document Type Definition

    • CWE.827.PDTDP

    CWE-829

    Inclusion of Functionality from Untrusted Control Sphere

    • CWE.829.DMSC
    • CWE.829.ADLL

    CWE-833

    Deadlock

    • CWE.833.ORDER

    CWE-835

    Loop with Unreachable Exit Condition ('Infinite Loop')

    • CWE.835.IVFLC
    • CWE.835.IVFLI
    • CWE.835.NSIVFLN

    CWE-838

    Inappropriate Encoding for Output Context

    • CWE.838.AIHUE
    • CWE.838.CA1054
    • CWE.838.CA1055
    • CWE.838.CA1056
    • CWE.838.CA5365

    CWE-862

    Missing Authorization

    • CWE.862.UAA

    CWE-863

    Incorrect Authorization

    • CWE.863.AAM
    • CWE.863.UAAMC
    • CWE.863.AUTH

    CWE-918

    Server-Side Request Forgery (SSRF)

    • CWE.918.TDNET
    • CWE.918.CA3147
    • CWE.918.CA5368
    • CWE.918.CA5391
    • CWE.918.CA5395

    CWE-1004

    Sensitive Cookie Without 'HttpOnly' Flag

    • CWE.1004.CA5396

    CWE-1386

    Insecure Operation on Windows Junction / Mount Point

    • CWE.1386.VLT